AT ECO Windows & Doors Ltd. – Privacy Policy and Cookies

With this Privacy Policy and Cookies document we would like to inform the users of our website about the purpose, type and scope of personal data processed. Personal data in this context are all information with which you can be personally identified as a user of our website, including your IP address and information that is stored in cookies.

In a general section of this Privacy Policy, we provide you with information on data protection, which generally applies to our processing of data, including data collection on our website. In particular, you as a data subject will be informed about the rights to which you are entitled.

The terms used in our Privacy Policy and our data protection practice are based on the provisions of the EU General Data Protection Regulation (“GDPR”) and other relevant national legal provisions.

By submitting your details, you are confirming that you are happy for them to be passed on to AT ECO Windows & Doors Ltd.

Controller according to the GPDR:

Address: Unit 5A, Rectory, Lane, Brasted, Westerham, TN16 1JP


Tel.: 01732 867043

Data Collection on our website:

Personal data is collected from you when you expressly communicate such data to us. Data, especially technical data, is automatically collected when you visit our website. Some of this data is collected to ensure that our website functions without errors. Other data may be used for analysis. However, you can use our website without a need to provide personal information.

Privacy Policy – AT ECO Windows & Doors Ltd.

This privacy policy is provided by AT ECO Windows & Doors Ltd., registered in England with company number 09101977, whose registered address is Unit 5A, Rectory Lane, Brasted, Westerham, TN16 1JP, UK (“we” or “us”). We are a UK based glazing company who supply and install glazing products for residential and commercial projects in UK.

From time to time, as part of running our business, we collect and use certain personal information about individuals with whom we have contact (we refer to such individuals in this policy as “you” or “your” or “contacts”). Broadly speaking, we collect personal information about 2 types of individuals:

  • • end customers of our products (potential buyers and existing buyers);
  • and
  • • our business contacts (suppliers and subcontractors).

Please see separate sub-headings below which explains the differences between how we treat these 2 categories.

Under data protection law, we have certain legal responsibilities about how we collect, use and share your personal information.

This policy explains our privacy practices and covers the following:

  • • The type of individuals whose personal information we collec
  • • What personal information about you we collect and use
  • • Sources of personal information
  • • How we use your personal information
  • • What marketing activity we undertake
  • • Who we share your personal information with
  • • How long we retain your personal information for
  • • Any transfers involving your personal information
  • • How we legally justify using your personal information
  • • Your legal rights in relation to your personal information
  • • Our use of cookies
  • • Other relevant information, including how to contact us

Whose personal information do we collect:

We collect and use personal information relating to the following types of individuals:


  • • Existing customers – we hold personal information on existing customers who have already purchased our products. These can be private or commercial customers.
  • • Potential customers – we collect information about people (or people at businesses) who have shown an interest in our products. E.g., telephoned us, sent an email or attended an exhibition/trade show where we have displayed our products.

Business contacts:

  • • Contacts of our subcontractor – we collect and use contact details of people whom we liaise with at companies who are providing us with logistic services and installation of our products.
  • • Contacts of our suppliers – we collect and use certain personal information about contacts who work at organisations who supply goods and services to us (e.g., delivery companies, IT service providers, accountancy firms, legal advisors etc.).

What personal information about you we collect and use:

Depending on whose personal data we collect and use (as indicated above) the information will generally consist of:

For customers:

  • • Existing customers: name, email address, personal phone number and home address.
  • • Potential customers: name, email address, personal phone number and home address.

For Business contacts:

  • • Contacts of our subcontractors: name, job title, email address, phone number, place of work, relevant qualifications, and work address.
  • • Contacts of our suppliers: name, job title, place of work, email address, phone number and work address.

We do not collect any sensitive personal data about individuals, e.g., ethnicity, sexual orientation, religious affiliation.

Sources of personal information:


  • • Information you provide directly to us – when you get in touch with us, for instance by email, if you call us, or get in touch via our website, e.g., complete the contact form.
  • • From events that you attend (potential customer only) – we advertise our products at various exhibitions across the UK– you may attend these and may pass on your contact details to us or a third party at the exhibition.

For example, you may pass your contact details to an Internorm UK representative at an exhibition when you fill in a form. Alternatively, we may receive your personal information from the organiser of the event, e.g., if we scan in your pass at our stand, which means that your personal information is shared with us via the event organiser.

How we use your personal information:

Existing customer:

We use the personal information of existing customers to assist in managing our relationship with them; this is in our legitimate business interests as it is required for the following reasons:

  • * As part of the sales process;
  • * For delivery of our products;
  • * After sale, including handling warranty claims and processing enquiries received from customers;
  • * Other similar customer support related purposes. e.g., surveys, external sills installation etc.

Potential customers:

We receive enquiries either by phone or email regarding the price of our products, which may involve us receiving personal information such as email, name, phone number in order to provide a quote. This is also in our legitimate business interests.

Business Contacts:

Day to day relationships with suppliers – we need to communicate as effectively and efficiently with our third party suppliers as part of our legitimate business interests. This is to allow them to provide services to us in a timely and effective manner. Therefore, we use personal information for day to day communications and the management of the relationship with such parties. Our communication methods include written correspondence, email, telephone, online video conferencing and face to face meetings.

Managing accounts and other internal administrative purposes – it is in our legitimate business interests for us to process certain limited personal information for other internal administrative purposes, including in relation to setting up and managing accounts with our suppliers, paying invoices etc.

We also undertake various marketing activities – please see paragraph 5 below for more information on this.

Marketing activities:

E-marketing campaign – potential customers:

  • * In the course of e-marketing campaigns, it is possible for members of the public to give us their personal information via our website contact form. We use this information for the following purposes:
  • * To email an electronic brochure (we will only collect your name and email address for this purpose); and/or
  • * To contact you via phone or email regarding a potential sale of our products.

We will only use your personal information for the above purposes where you have given us your prior consent to do so.

You also have the right to opt out of direct marketing at any time – please see paragraph “Your rights in relation to your personal information” below for more details of this right and your other rights.

Parties who we share your personal information with:

Your personal information is shared with the following parties:

Now and again, we may share your personal information internally with our manufacture, Internorm Windows UK Ltd, who are based in United Kingdom and whose address is Unit D, Colindale Business Park, 2-10 Carlisle Road, London, NW9 0HN.

  • a) With our manufacturers – we pass personal information of existing and potential customers to our manufacturers, for the orders and after sales care and any warranty issues.
  • b) With our Suppliers– we provide personal information of customers to our logistics partners who ship and deliver the products.
  • c) With our IT service providers (customers and business contacts) – suppliers who provide IT systems to us, particularly our CRM software supplier, may occasionally have supervised access to parts of our IT systems which contain personal information, particularly for maintenance and support purposes.

Where we have to share personal information with third parties, where possible, we have contracts in place with such third parties, which ensures that they will protect your personal information and not use it for any purposes beyond delivering their services to us.

How long we retain your personal information for:

The length of time that we retain your personal information for varies, according to the type of individual whose personal information we have collected, and what this is being used for:

Existing customers – we would retain personal information for a period of 10 years from the date of purchase. This is because we offer warranties that last up to 10 years. See our warranty certificate for detailed information on the different warranty periods.

Potential customers – we would retain personal information for a maximum of 3 years. The reason being that in our experience, many potential buyers make an initial enquiry about purchasing our products and then come back to us 2-3 years later, once they are in a position to go ahead with the order.

Contacts at our suppliers – we would retain personal information for the duration of the contract which we have with a supplier plus 7 years.

Transfer of your personal Information:

We will not transfer your personal information outside the European Economic Area (EEA).

Legal grounds for processing your personal information:

Every use that we make of your information must meet a legal ground in the list set out by data protection law. Please see above in relation to the different uses, regarding which legal grounds which we rely on – depending on the use, this is either consent or in our legitimate business interests.

Your rights in relation to your personal information:

If you have any questions in relation to our use of your personal information, you should first contact us using the contact details on our website. Under certain circumstances, you may have the right to:

  • (a) ask us to provide you with further information on the use we make of your personal details;
  • (b) ask us to provide you with an electronic copy of personal information that you have provided to us;
  • (c) ask us to update any inaccuracies in the personal information we hold;
  • (d) ask us to transfer a copy of your personal information to another data controller, in a structured, machine readable and commonly used format;
  • (e) ask us to delete any personal information that we no longer have a lawful ground to use;
  • (f) ask us to restrict our use of your personal information;
  • (g) where the processing of your personal information is based on us receiving your consent, the right to withdraw your consent at any time;
  • (h) if we indicate that we use your personal information for direct marketing purposes, object to receiving any further direct marketing from us at any time;
  • (i) complain to the Information Commissioner at any time;
  • (j) object to our uses of your personal information which are based on the ‘legitimate interests’ legal ground, as indicated above. If any of our uses of your personal information based only on this legal ground is causing you undue harm, then we must cease using your personal information for that purpose.

Your exercise of these rights is subject to certain conditions and exemptions, for example to safeguard the public interest in investigating crimes, or protecting legal privilege. If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

Cookie Policy – AT ECO Windows & Doors Ltd.

This cookies policy is provided by AT ECO Windows & Doors Ltd. (“us”, “we” or “our”).

We use cookies to make our website user-friendly and functional as possible. Some of these cookies are stored on the device you use to access the site.

Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognise website visitors. Cookies can only store information provided by your browser, e.g., information that you have entered into your browser or that is available on the website. Cookies cannot execute code and cannot be used to access your terminal device.

The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of third party to whom the cookie belongs (“third-party cookie”). The information that is stored and sent back allows each web application to recognise that you have already accessed and visited the website using the browser on your device.

Cookies contain the following information:

Name of the cookie.

Name of the server from which the cookie originates.

Cookie ID number.

An expiry date, after which the cookie will be automatically deleted.

We classify cookies in the following categories depending on their purpose and function:

Technically necessary cookies - these ensure the technical operation and basic functions of our website. These types of cookies are used, for example, to maintain your settings while you navigate our website; or they can ensure that important information is retained throughout the session.

Statistics cookies – these help us to understand how visitors interact with our website by collecting and analysing information on an anonymous basis only. We can then use this information’s to optimize both the website and our products and services.

Marketing cookies – these help us provide targeted promotional and marketing activities for users on our website.

Unclassified cookies - these are cookies that we attempt to classify together with individual cookie providers.

Depending on the storage period, we also divide cookies into session and persistent cookies.

Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device.

Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie.

The legal basis for using technically necessary cookies is our legitimate interest in the technically fault-free operation and smooth functionality of our website as described in Art. 6 paragraph 1(f) of the GDPR. The use of statistics and marketing cookies is subject to your consent, in accordance with Art. 6 paragraph 1(a) of the GDPR. You can withdraw your consent for the future use of cookies at any time in accordance with Art. 7 paragraph 3 of the GDPR. Your consent is voluntary. If consent is not given, no disadvantages arise. For more information about the cookies, we actually use (specifically, their purpose and lifespan), please see the table below.

You can set your web browser so that it does not store any cookies in general on your device or so that you will be asked each time you visit the site whether you accept the use of cookies. Cookies that have already been stored can be deleted at any time. Refer to the Help section of your browser to learn how to do this. Please note that a general deactivation of cookies may lead to functional restrictions on our website.

Third Party Technologies on our website:

Google Analytics

We use the functions of the web analytics service Google Analytics on our website to analyse user behaviour and to optimise our website. The provider of this service is Google Ireland Limited, Barrow Street, Dublin 4, Ireland (‘Google’).

ATTENTION: Within the scope of this service, data is transferred by Google to the US or such a transfer cannot be excluded.

In general, information about your use of the website is transferred to a Google server and stored there, such as the type and version of browser you used, the operating system you used, the site you visited prior to accessing our site, the host name of the computer (IP address) you used to access the site, and the time of your server request. For this purpose, we have entered into a contract with Google for contractual processing of your data in accordance with Art. 28 of the GDPR.

At our request, Google will use this information to analyse the use of our website, to create reports on the activities within our website and to render additional services related to the use of our website and of the internet. According to Google, the IP address submitted by your browser will not be added to other data held by Google.

We use Google Analytics only with IP anonymisation activated, which means we have expanded this website to include the code ‘anonymizeIP’. This ensures that your IP address is masked so that all data is collected anonymously. Only under exceptional circumstances will a full IP address be transmitted to a Google server and truncated there.

The data about the use of our website is immediately deleted after the expiration of the storage limits that we have set. Google Analytics gives us the following options for the storage limits: 14 months, 26 months, 38 months, 50 months or no automatic deletion. You can ask us any time for the current storage limit that we have set.

The processing of your data using Google Analytics is subject to your consent in accordance with Art. 6 paragraph 1(a) of the GDPR. You can revoke your consent at any time with effect for the future in accordance with Art. 7 paragraph 3 of the GDPR.

You can also block the collection of data by downloading and installing the browser plugin available through the link below:

For more information about how Google uses your data, and about options for settings and withdrawal of consent, refer to the Google Privacy Policy at

Google Fonts:

To display fonts consistently, our website uses Web Fonts which are provided by Google. Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).

ATTENTION: Within the scope of this service, data is transferred by Google to the US or such a transfer cannot be excluded.

For this purpose, the web browser you use must connect with a Google server. This informs Google that our website is being accessed via your IP address. The IP address from the browser of the device you are using to access our site is also stored by Google. If your browser does not support Web Fonts, your computer will display the site using a standard font type. With each Google Font request, your IP address is automatically transferred to a Google server along with information such as your language preferences, display resolution, version and name of your browser. The usage data collected by Google enables them to determine the popularity of specific font types. Google publishes these findings on internal analytics sites (e.g. Google Analytics).

Google Fonts enables us to use fonts on our own website without uploading them to our server. Google Fonts is an important building block for maintaining the high quality of our website. All Google fonts are automatically optimised for the web. This reduces the data volume and is particularly advantageous for use on mobile devices. When you visit our site, the low file size allows for quicker loading times. Furthermore, Google Fonts are secure Web Fonts that support all major browsers.

The processing of your data, therefore, takes place on the basis of our legitimate interest in maintaining a consistent, attractive presentation for our website. This is defined as a legitimate interest under Art. 6 paragraph 1(f) of the GDPR.

Google stores requests for CSS assets for one day on its servers. This enables us to use the fonts with the support of a Google style sheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google Support (

For more information about Google Fonts, refer to and the Google Privacy Policy:

Google Maps:

We embed the service Google Maps on our website to make it easier to read the user’s geographical information, particularly so that we can display our location and provide you with route directions. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).

ATTENTION: Within the scope of this service, data is transferred by Google to the US or such a transfer cannot be excluded.

The use of Google Maps enables Google to collect and process data about the use of this service.

The processing of your data occurs on the basis of our legitimate interest in providing visual, graphical information to users of our website, in accordance with Art. 6 paragraph 1(f) of the GDPR.

For further information, refer to the Google Privacy Policy:

Google Tag Manager:

We use the service Google Tag Manager on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The Tag Manager is used to manage website tags via an interface. This enables us to embed code snippets such as tracking codes or conversion pixels into our website without interfering with the source code. In this process, Tag Manager data is only transferred; it is not collected or stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, because it is used solely to manage other services used on our website. The Tag Manager triggers other tags which in turn collect data under specific circumstances. However, the Tag Manager has no access to this data. If you have chosen to deactivate cookies on our site in general or to deactivate specific cookies, this will remain in effect for all tracking tags that are implemented using the Tag Manager.

For more information about data protection, refer to the following Google websites:

Privacy Policy:

FAQ Google Tag Manager:

Use Policy Google Tag Manager:

Other technologies that we use on our website:

Server Log Files

For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us.

The access data we process includes:

  • • The name of the website you are accessing.
  • • The browser type (including version) you use.
  • • The operating system you use.
  • • The site you visited before accessing our site (referrer URL).
  • • The time of your server request.
  • • The amount of data transferred.
  • • The host name of computer (IP address) you are using to access the site.

This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website, as described under Art. 6 paragraph 1(f) of the GDPR.

The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.

SSL Encryption:

Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques in accordance with Art. 6 paragraph 1(f) GDPR.

We also make use of suitable technical and organisational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

Contact us for a free quote now!